Before you get started: Do not copy and paste the commands in this procedure into your terminal window, type them instead. Some commands include an "n-dash" and in the cut and paste process, these commands can be applied as an "m-dash" and that may cause the command to fail.
- From the Secure Device Connectors page, select the blue plus button and click Secure Event Connector.
- Copy the SEC Bootstrap Data in step 2 of the "Deploy an On-Premises Secure Event Connector" window to a notepad.
- Install a CentOS 7 virtual machine with at least the memory, CPU, and disk space mentioned in this procedure's prerequisites.
- Once installed, configure basic networking such as specifying the IP address for the CDO Connector, the subnet mask, and gateway.
- Configure a DNS (Domain Name Server) server.
- Configure a NTP (Network Time Protocol) server.
- Install an SSH server on CentOS for easy interaction with CDO Connector's CLI.
- Run a Yum update and then install the packages open-vm-tools, net-tools, and bind-utils:
[root@sdc-vm ~]# yum update -y
[root@sdc-vm ~]# yum install -y open-vm-tools net-tools bind-utils
- Install the AWS CLI package (https://docs.aws.amazon.com/cli/latest/userguide/awscli-install-linux.html)
Note: Do not use the --user flag
- Install the Docker CE packages (https://docs.docker.com/install/linux/docker-ce/centos/#install-docker-ce)
Note: Use the “Install using the repository” method
- Start the Docker service and enable it to start on boot:
[root@sdc-vm ~]# systemctl start docker
[root@sdc-vm ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
- Create two users: "cdo" and "sdc." The cdo user will be the one you log in to run administrative functions (so you don’t need to use the root user directly), and the sdc user will be the user to run the CDO Connector docker container.
[root@sdc-vm ~]# useradd cdo
[root@sdc-vm ~]# useradd sdc -d /usr/local/cdo
- Set a password for the cdo user.
[root@sdc-vm ~]# passwd cdo
Changing password for user cdo.
New password: <type password>
Retype new password: <type password>
passwd: all authentication tokens updated successfully.
- Add the cdo user to the “wheel” group to give it administrative (sudo) privileges.
[root@sdc-vm ~]# usermod -aG wheel cdo
[root@sdc-vm ~]#
- When Docker is installed, there is a user group created. Depending on the version of CentOS/Docker, this may be called either “docker” or “dockerroot”. Check the /etc/group file to see which group was created, and then add the sdc user to this group.
[root@sdc-vm ~]# grep docker /etc/group
docker:x:993:
[root@sdc-vm ~]#
[root@sdc-vm ~]# usermod -aG docker sdc
[root@sdc-vm ~]#
- If the /etc/docker/daemon.json file does not exist, create it, and populate with the contents below. Once created, restart the docker daemon.
Note: Make sure that the group name entered in the "group" key matches the group you found in the /etc/group file in the previous step.
[root@sdc-vm ~]# cat /etc/docker/daemon.json
{
"live-restore": true,
"group": "docker"
}
[root@sdc-vm ~]# systemctl restart docker
[root@sdc-vm ~]#
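The two steps above leave room for a silent mismatch: the sdc user is added to whichever group Docker created, but daemon.json is typed by hand and the group name in it must agree, or the container user will not be able to reach the Docker socket. The following shell functions, an added example that is not part of the Cisco procedure, read the group name from /etc/group, read the "group" key out of daemon.json, and confirm the sdc user is a member. The file paths are parameters so the checks can be run against constructed copies; the function names are this example's own.

```shell
#!/bin/bash
# Added example (not from the CDO documentation): pre-flight checks for the
# Docker group / daemon.json / sdc user relationship set up in the procedure.

# docker_group_name <group-file>
# Prints the name of the group Docker created ("docker" or "dockerroot"),
# whichever appears first in the group file; prints nothing if neither exists.
docker_group_name() {
    grep -E '^(docker|dockerroot):' "$1" | cut -d: -f1 | head -n1
}

# daemon_json_group <daemon.json>
# Prints the value of the "group" key in daemon.json (simple one-key extraction,
# enough for the small file the procedure writes).
daemon_json_group() {
    sed -n 's/.*"group"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n1
}

# user_in_group <group-file> <group> <user>
# Returns 0 when <user> is listed as a member of <group> in the group file.
user_in_group() {
    grep -E "^$2:" "$1" | cut -d: -f4 | tr ',' '\n' | grep -qx "$3"
}

# check_docker_setup <group-file> <daemon.json> <user>
# Returns 0 when the Docker group exists, daemon.json names that same group,
# and <user> is a member of it; explains the first failure on stderr otherwise.
check_docker_setup() {
    local groupfile="$1" daemon="$2" user="$3" dgroup jgroup
    dgroup=$(docker_group_name "$groupfile")
    if [ -z "$dgroup" ]; then
        echo "no docker or dockerroot group in $groupfile" >&2
        return 1
    fi
    jgroup=$(daemon_json_group "$daemon")
    if [ "$jgroup" != "$dgroup" ]; then
        echo "daemon.json group '$jgroup' does not match system group '$dgroup'" >&2
        return 1
    fi
    if ! user_in_group "$groupfile" "$dgroup" "$user"; then
        echo "user $user is not a member of $dgroup" >&2
        return 1
    fi
    return 0
}

# Stand-alone demo against the live system: ./check.sh demo
if [ "${1:-}" = "demo" ]; then
    check_docker_setup /etc/group /etc/docker/daemon.json sdc && echo "docker setup OK"
fi
```

Run the checks after the usermod and after restarting the Docker daemon; a non-zero exit with the printed reason tells you which of the three pieces is out of step.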
- If you are currently using a vSphere console session, switch over to SSH and log in with the "cdo" user. Once logged in, change to the "sdc" user. When prompted for a password, enter the password for the "cdo" user.
[cdo@sdc-vm ~]$ sudo su sdc
[sudo] password for cdo: <type password for cdo user>
[sdc@sdc-vm ~]$
- Change directories to /usr/local/cdo.
- Create a new file called bootstrapdata and paste the bootstrap data from step 2 into this file. Save the file. You can use vi or nano to create the file.
- The bootstrap data comes encoded in base64. Decode it and export it to a file called extractedbootstrapdata.
[sdc@sdc-vm ~]$ base64 -d /usr/local/cdo/bootstrapdata > /usr/local/cdo/extractedbootstrapdata
[sdc@sdc-vm ~]$
Run the cat command to view the decoded data. The command and decoded data should look similar to this:
[sdc@sdc-vm ~]$ cat /usr/local/cdo/extractedbootstrapdata
CDO_TOKEN="<token string>"
CDO_DOMAIN="www.defenseorchestrator.com"
CDO_TENANT="<tenant-name>"
CDO_BOOTSTRAP_URL="https://www.defenseorchestrator.com/sdc/bootstrap/tenant-name/<tenant-name-SDC>"
ONLY_EVENTING="true"
- Run the following command to export the sections of the decoded bootstrap data to environment variables.
[sdc@sdc-vm ~]$ sed -e 's/^/export /g' extractedbootstrapdata > sdcenv && source sdcenv
[sdc@sdc-vm ~]$
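The decode, check and export steps above are worth wrapping in a small script, because the decoded file carries the CDO bearer token and the sed-and-source step will happily export any line it finds. The following shell functions, an added example that is not part of the Cisco procedure, decode the pasted data into a file that only the sdc user can read, verify that the result contains only KEY="value" lines with the five keys shown in the procedure, and then produce the sdcenv file the procedure sources. File paths are parameters (the procedure's /usr/local/cdo locations are only defaults in the demo), and the function names and the sample token are this example's own.

```shell
#!/bin/bash
# Added example (not from the CDO documentation): safe handling of the SEC
# bootstrap data. The key list matches the decoded data shown in the procedure.
EXPECTED_KEYS="CDO_TOKEN CDO_DOMAIN CDO_TENANT CDO_BOOTSTRAP_URL ONLY_EVENTING"

# decode_bootstrap <bootstrapdata> <extractedbootstrapdata>
# Base64-decodes the pasted data. The subshell umask makes the output 0600,
# since it contains the bearer token used to download the bundle.
decode_bootstrap() {
    ( umask 077; base64 -d "$1" > "$2" )
}

# validate_bootstrap <extractedbootstrapdata>
# Returns 0 when every non-blank line is an upper-case KEY="value" assignment
# and all expected keys are present; anything else (a stray command, a
# truncated paste) is rejected before it can be sourced into the shell.
validate_bootstrap() {
    local file="$1" key
    if grep -Evq '^([A-Z_]+="[^"]*")?$' "$file"; then
        echo "unexpected line in $file" >&2
        return 1
    fi
    for key in $EXPECTED_KEYS; do
        if ! grep -q "^${key}=" "$file"; then
            echo "missing $key in $file" >&2
            return 1
        fi
    done
    return 0
}

# make_env_file <extractedbootstrapdata> <sdcenv>
# Prefixes each assignment with "export " (what the procedure's sed does),
# but only after validation, and keeps the env file private as well.
make_env_file() {
    validate_bootstrap "$1" || return 1
    ( umask 077; sed -e 's/^[A-Z_]/export &/' "$1" > "$2" )
}

# bundle_name <sdcenv>
# Sources the env file in a subshell and prints the file name curl -O will
# create: the last path element of CDO_BOOTSTRAP_URL (tenant-name-SDC).
bundle_name() {
    ( . "$1"; printf '%s\n' "${CDO_BOOTSTRAP_URL##*/}" )
}

# Stand-alone demo with constructed sample values, not a real tenant.
demo() {
    local dir; dir=$(mktemp -d)
    printf '%s\n' \
        'CDO_TOKEN="example-token-placeholder"' \
        'CDO_DOMAIN="www.defenseorchestrator.com"' \
        'CDO_TENANT="example-tenant"' \
        'CDO_BOOTSTRAP_URL="https://www.defenseorchestrator.com/sdc/bootstrap/example-tenant/example-tenant-SDC"' \
        'ONLY_EVENTING="true"' | base64 > "$dir/bootstrapdata"
    decode_bootstrap "$dir/bootstrapdata" "$dir/extractedbootstrapdata"
    make_env_file "$dir/extractedbootstrapdata" "$dir/sdcenv" || return 1
    echo "bundle to download: $(bundle_name "$dir/sdcenv")"
    ls -l "$dir/sdcenv"
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

On the real host, run the functions as the sdc user against /usr/local/cdo/bootstrapdata and then `source /usr/local/cdo/sdcenv` exactly as in the procedure; the only difference from the manual steps is that a malformed paste is refused and the token never sits in a world-readable file.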
- Download the bootstrap bundle from CDO.
[sdc@sdc-vm ~]$ curl -O -H "Authorization: Bearer $CDO_TOKEN" "$CDO_BOOTSTRAP_URL"
100 10314 100 10314 0 0 10656 0 --:--:-- --:--:-- --:--:-- 10654
[sdc@sdc-vm ~]$ ls -l /usr/local/cdo/*SDC
-rw-rw-r--. 1 sdc sdc 10314 Jul 23 13:48 /usr/local/cdo/tenant-name-SDC
- Extract the CDO Connector tarball, and run the bootstrap_sec_only.sh file to install the CDO Connector package.
[sdc@sdc-vm ~]$ tar xzvf /usr/local/cdo/tenant-name-SDC
<snipped – extracted files>
[sdc@sdc-vm ~]$
[sdc@sdc-vm ~]$ /usr/local/cdo/bootstrap/bootstrap_sec_only.sh
[2018-07-23 13:54:02] environment properly configured
download: s3://onprem-sdc/toolkit/prod/toolkit.tar to toolkit/toolkit.tar
toolkit.sh
common.sh
es_toolkit.sh
sec.sh
healthcheck.sh
troubleshoot.sh
no crontab for sdc
-bash-4.2$ crontab -l
*/5 * * * * /usr/local/cdo/toolkit/es_toolkit.sh upgradeEventing 2>&1 >> /usr/local/cdo/toolkit/toolkit.log
0 2 * * * sleep 30 && /usr/local/cdo/toolkit/es_toolkit.sh es_maintenance 2>&1 >> /usr/local/cdo/toolkit/toolkit.log
You have new mail in /var/spool/mail/sdc